دانلود کتاب شبکه با لینوکس

Linux provides a great platform for implementing network services, offering software solutions for everything from routing, load balancing, and VPNs to advanced firewall configurations. As containers and cloud computing have matured, Linux has become the platform of choice for these technologies. The foundation for these technologies has been the firstclass support for virtual networks and the network stack isolation provided by Linux namespaces. This book is designed as a ground-up exploration of networking on the Linux operating system. It builds the reader’s understanding beginning with the OSI model and examining Linux’s functionality at each layer. You will learn how Linux implements core concepts like switching and routing, progressing into advanced topics like link aggregation, multipath routing, policy-based routing, and BGP-based dynamic routing. The book provides you with multiple perspectives on networking on Linux by examining both the established conventions and the emerging technology. For instance, in the case of firewalls, the book explores iptables as the dominant standard in the enterprise today, while also introducing the next generation of firewall implementation with nftables. With this book, the readers will understand how to build load balancers, virtual networks, and container-ready infrastructures on Linux. By the end, you will possess the skills to design, configure, troubleshoot, and manage network solutions on the Linux platform. Chapter 1: Understanding Networking on Linux — The chapter starts with the explanation of various layers of the OSI networking model and their functionality. It progresses into explaining the networking concepts of Layer 2 of the OSI model in the context of Linux and explores the physical and virtual network interfaces. The chapter further explains the concepts of bridging Layer 2 networks, VLANs, and various modes of link aggregation. Chapter 2: Routing and Packet Forwarding — This chapter explores the Layer 3 networking concepts like IP addressing, subnetting with classful and classless addresses, and automatic network address configuration with the DHCP service. The chapter delves into routing on Linux and advanced topics like multipathing, policy-based routing, virtual routing, and forwarding. Finally, the chapter explains how to set up dynamic routing on Linux with Border Gateway Protocol. Chapter 3: Firewalls and Packet Filtering — This chapter explains the implementation of firewalls on Linux with iptables. It explains the core concepts of the iptable, the flow of packets through the various tables that compose the firewall. The syntax of iptable rules and the actions that a rule can take are explained. The chapter also explores the concept of Network Address Translation and the use cases for source and destination address translations. IPsets and higher-layer tools like firewalld are also covered in this chapter. Chapter 4: Network Troubleshooting and Diagnostics — This chapter explains the various tools that are used to troubleshoot and monitor networks on Linux. The chapter explores tools like ping for checking basic connectivity, traceroute to check the routing of packets, and ss and netstat for monitoring socket-level statistics. The chapter also explains tracing network connections with tcpdump, Wireshark, and tshark, and finally concludes with an explanation of NetFlow for monitoring high traffic volumes with ntopng. Chapter 5: Network Services and Protocols — This chapter covers the configuration of the most common and essential network services like DNS, NTP, SSH, NFS, and HTTP. It explains the resolution of domain names with a recursive resolver and the configuration of the Domain Name Service. The working and configuration of the Network Time Protocol, which forms the basis of time synchronization on a network, is explained. The chapter also explains the Secure Shell service, which is the de facto standard for remote access to a Linux server. Finally, the chapter explains the Network File System for file sharing on the network and the HTTP service using NGINX configuration. Chapter 6: Load Balancing and High Availability — This chapter explains the Load balancing and high availability services on Linux. The concept of Layer 3 high availability and virtual IP is explained. The chapter explores the implementation of high availability with Keepalived service and BGP. The chapter then explains the implementation of Layer 4 load balancing service with iptable and IP Virtual Server. The chapter then explains load balancing at Layer 7 with HAProxy. Chapter 7: Network Namespaces and Virtual Networking — This chapter explains network virtualization and the function of network namespaces. It explains the concept of isolated network stacks and their implementation with namespaces on Linux. The chapter demonstrates how to set up namespaces and how they function with examples. The chapter then progresses into network isolation with MACVLANS and IPVLANS and userspace networking with the TUN/TAP interfaces. Chapter 8: Traffic Shaping and QoS — This chapter explains how quality of service can be implemented on Linux with traffic shaping. The chapter explains the concept of bandwidth as a finite resource and how to apply various traffic control mechanisms to best utilize the network bandwidth for a given scenario. The chapter delves into the various traffic queuing disciplines, applies the rate-limiting techniques, and also explains the concept of buffer bloat and mitigation. Chapter 9: Deep Dive into TCP/IP Stack Tuning — This chapter explains the sysctl and the proc filesystem interfaces provided by Linux to tune the TCP/IP stack. It explains the scenario of tuning the system to utilize maximum bandwidth, connection handling with TCP Fast Open, and connection tear-down. Connection persistence with Keepalive and hardening against attacks like Syn-Flood are explained in the chapter. The chapter also delves into the evolution of the application-layer protocol HTTP/3 and QUIC. Chapter 10: Virtual Private Networks on Linux — This chapter examines the virtual private network services on Linux. The chapter explains the concept of a virtual private network and its use cases for Siteto- Site and Point-to-Site configurations. The chapter explains the configuration of VPN with WireGuard and IPSEC using both certificates and pre-shared keys. Chapter 11: Virtual Networking and Cloud Integration — The chapter explains the container and Kubernetes pod networking with various Container Networking Interfaces plugins like Calico and the overlay network to connect the container across multiple hosts. Common overlay networks like VXLAN and GRE are explained. The concept of software defined networks with OpenVSwitch and ovsdb is covered. It also explains Virtual Private Cloud provided by popular cloud providers like AWS, Azure, and GCP, and explains how the concept of virtual networking applies to the cloud environment. Chapter 12: Network Monitoring with eBPF — This chapter explores the modern network monitoring capability of Linux with eBPF. The chapter starts by explaining the shortcomings of traditional monitoring solutions and progresses to explain the eBPF framework to use probes and trace points to gain insight into network monitoring. The chapter provides practical examples of using XDP, the bpftrace tool, and writing a custom eBPF program for tracing and collecting statistics of network functions.